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Having thus described our invention^ what we claim as new 
and desire to secure by Letters Patent is: 

1* A method for defining the scope of applications in a 
5 distributed network environment having a plurality of networked 
computers with internet protocol (IP) drivers comprising the 
steps of: 

defining the physical scope for each of said IP Drivers in 
the distributed network; 
10 discovering the physical network by scanning with said IP 

drivers; 

mapping the physical network into a graphical network 
representation; 

creating a logical network comprising components of said 
15 mapped physical network; and 

defining the logical scope for each application based on the 
logical network and the mapped physical network. 

2. A method for determining application access to at least 
one endpoint in a distributed network environment having a 
20 plurality of computers each with at least one endpoint, 
comprising the steps of: 

obtaining the logical scope for^ said application; 
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for each physical entity found within the logical scope for 
said application^ identifying the physical entity and obtaining 
the physical scope for said physical entity; 

accumulating the physical scopes for all physical entities 
5 which are found in the logical scope to define the application's 
network; and 

determining whether a given endpoint is within the defined 
application' s network. 

3. The method of Claim 2 further comprising storing the 
10 defined application network for each application. 

4. The method of Claim 3 further comprising limiting the 
application's interactions within the network based on the 
application's network. 

5. The method of Claim 3 wherein said application 
15 comprises a self-replicating program and wherein said limiting 

comprises the steps of: 

obtaining an application scope as the span of control for a 
given application; 

replicating copies of the program to computers within the 
20 span of control; 

preventing replication at computers outside of the span of 
control; and 
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ceasing replication when substantially all computers within 
the span of control have installed copies of the program^ 

6. The method of Claim 2 wherein said plurality of network 
computers include IP Drivers and wherein said obtaining the 

5 logical scope for each of said applications comprises the steps 
of: 

defining the physical scope for each of said IP Drivers in 
the distributed network; 

discovering the physical network by scanning with said IP 
10 drivers; 

mapping the physical network into a graphical network 
representation; 

creating a logical network comprising components of said 
mapped physical network; and 
15 defining the logical scope for each application based on the 

logical network and the mapped physical network. 

7. The method of Claim 5 wherein said plurality of network 
computers include IP Drivers and wherein said obtaining the 
logical scope for each of said applications comprises the steps 

20 of: 

defining the physical scope for each of said IP Drivers in 
the distributed network; 
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discovering the physical network by scanning with said IP 
drivers; 

mapping the physical network into a graphical network 
representation; 

5 creating a logical network comprising components of said 

mapped physical network; and 

defining the logical scope for each application based on the 
logical network and the mapped physical network. 

8. A control server for determining application access to 
10 endpoints in a distributed network comprising a plurality of 

computers each having at least one endpoint, comprising: 

at least one IP driver for controlling at least one of said 
endpoints; 

at least one storage location for storing at least the 
15 physical scope of control for each of said at least one IP driver 
and at least one application scope for each application to be run 
on the network; and 

a Scope Manager component for administering the scope for 
each of the at least one IP driver and the at least one 
20 application. 

9. The server of Claim 8 wherein said Scope Manager is 
adapted to define the at least one application scope for each 
application to be run on the network. 
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10. A program storage device readable by machine tangibly 
embodying a program of instructions executable by the machine to 
perform method steps for defining the scope of applications in a 
distributed network environment having a plurality of networked 

5 computers with internet protocol (IP) drivers, said method 
comprising the steps of: 

defining the physical scope for each of said IP Drivers in 
the distributed networks- 
discovering the physical network by scanning with said IP 
10 drivers; 

mapping the physical network into a graphical network 

representations- 
creating a logical network comprising components of said 

mapped physical network; and 
15 defining the logical scope for each application based on the 

logical network and the mapped physical network. 

11. A program storage device readable by machine tangibly 
embodying a program of instructions executable by the machine to 
perform method steps for determining application access to at 

20 least one endpoint in a distributed network environment having a 
plurality of computers each with at least one endpoint;. said 
method comprising the steps of: 

obtaining the logical scope for said application; 

AUS920000828 - 25 - 



for each physical entity found within the logical scope for 
said application, identifying the physical entity and obtaining 
the physical scope for said physical entity; 

accumulating the physical scopes for all physical entities 
5 which are found in the logical scope to define the application' s 
network; and 

determining whether a given endpoint is within the defined 
application's network. 

12. The program storage device of Claim 11 wherein said 
10 method further comprises storing the defined application network 

for each application. 

13. The program storage device of Claim 12 wherein said 
method further comprises limiting the application's interactions 
within the network based on the application's network. 

15 14. The program storage device of Claim 11 wherein said 

application comprises a self-replicating program and wherein said 
limiting method step further comprises the steps of: 

obtaining an app-lication scope as the spart of control for a 
given appl i cat i on ; 

20 replicating copies of the program to computers within the 

span of control; 
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preventing replication at computers outside of the span of 
control; and 

ceasing replication when substantially all computers within 
the span of control have installed copies of the program. 

5 15. The program storage device of Claim 11 wherein said 

plurality of network computers include IP Drivers and wherein 
said method step of obtaining the logical scope for each of said 
applications comprises the steps of: 

defining the physical scope for each of said IP Drivers in 
10 the distributed network; 

discovering the physical network by scanning with said IP 
drivers; 

mapping the phys-ical network into a graphical network 
representation; 

15 creating a logical network comprising components of said 

mapped physical network; and 

defining the logical scope for each application based on the 
logical network and the mapped physical network, 

16. The program storage device of Claim 14 wherein said 
20 plurality of network computers include IP Drivers and wherein 
said method step of obtaining the logical scope for each of said 
applications comprises the steps of: 
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defining the physical scope for each of said IP Drivers in 
the distributed network; 

discovering the physical network by scanning with said IP 
drivers; 

5 mapping the physical network into a graphical network 

representation; 

creating a logical network comprising components of said 
mapped physical network; and 

defining the logical scope for each application based on the 
10 logical network and the mapped physical network. 
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